[Secure-testing-commits] r18058 - data/CVE

Florian Weimer fw at alioth.debian.org
Fri Jan 6 14:12:28 UTC 2012


Author: fw
Date: 2012-01-06 14:12:22 +0000 (Fri, 06 Jan 2012)
New Revision: 18058

Modified:
   data/CVE/list
Log:
NFUs
CVE-2011-3367: arora unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-06 13:37:01 UTC (rev 18057)
+++ data/CVE/list	2012-01-06 14:12:22 UTC (rev 18058)
@@ -201,15 +201,15 @@
 CVE-2012-0289
 	RESERVED
 CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: CoCSoft Stream Down
 CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...)
-	TODO: check
+	NOT-FOR-US: Symposium plugin for Wordpress
 CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore ...)
-	TODO: check
+	NOT-FOR-US: Elitecore Technologies Cyberoam UTM
 CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: MySQL on Windows
 CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
-	TODO: check
+	NOT-FOR-US: MailForm plugin for Movable Type
 CVE-2004-2775
 	RESERVED
 CVE-2004-2774
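Review bot: CVE-2011-5049 is tagged "NOT-FOR-US: MySQL on Windows", but NOT-FOR-US marks products that are not packaged at all, and MySQL is packaged. Since the description limits the issue to MySQL 5.5.8 "when running on Windows", a `<not-affected>` entry against the MySQL source package with a Windows-only reason would record the same conclusion and keep the CVE attached to the package. Minor: the description for CVE-2011-5051 names the product "WP Symposium", so using that exact name in the NOT-FOR-US line makes later searches of the list match.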
@@ -5490,11 +5490,11 @@
 CVE-2011-3418
 	RESERVED
 CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft ASP.NET
 CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft ASP.NET
 CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft ASP.NET
 CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...)
 	TODO: check
 	NOTE: Might affect Mono, pinged maintainers
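Review bot: the three Forms Authentication entries (CVE-2011-3415, CVE-2011-3416, CVE-2011-3417) are closed as "NOT-FOR-US: Microsoft ASP.NET", while the next entry, CVE-2011-3414, stays open with "Might affect Mono, pinged maintainers". Mono ships its own ASP.NET implementation, so the same question applies to these three. If Mono was checked and found unaffected, a NOTE saying so (or a `<not-affected>` line for mono) would make the triage decision auditable; otherwise they should stay TODO alongside CVE-2011-3414.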
@@ -5645,7 +5645,8 @@
 	- apache2 2.2.21-2 (medium)
 	NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
 CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font ...)
-	TODO: check
+	- arora <unfixed> (unimportant)
+	NOTE: Requires CA compromise to exploit, browser still displays warning.
 CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ...)
 	- rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298)
 	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
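Review bot: the new NOTE on CVE-2011-3367 carries the whole justification for `(unimportant)` but cites nothing, unlike the rekonq entry below it, which points at bug #647298 and the KDE advisory. Add a NOTE with the upstream or Debian bug reference for the Arora issue so that the "browser still displays warning" claim can be verified and the `<unfixed>` status can be revisited once a fix exists.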



